THAT WHICH IS CLAIMED IS:

1. A method for assessing the security
posture of a network comprising the steps of:

creating a system object model database
representing a network, wherein the system object model
database supports the information data requirements of
disparate network vulnerability analysis programs;

exporting only the required data from the
system object model database representing the network
to each respective network vulnerability analysis
program;

analyzing the network with each network
vulnerability analysis program to produce data results
from each program;

storing the data results from respective
network vulnerability analysis programs and the common
system model database within a data fact base; and

applying goal oriented fuzzy logic decision
rules to the data fact base to determine the security
posture of the network.



2. A method according to Claim 1, and 
further comprising the step of exporting only the 
required data from the system object model database via 
filters associated with respective network 
vulnerability programs. 



3. A method according to Claim 1, and 
further comprising the step of exporting the system 
object model database to the network vulnerability 
analysis programs via an integrated application
programming interface.

4. A method according to Claim 1, and 
further comprising the step of modeling the network as 
a map on a graphical user interface.

5. A method according to Claim 1, and
further comprising the step of establishing a class
hierarchy to define components of the network
vulnerability analysis programs that share common data
and programming traits.



6. A method according to Claim 1, and 
further comprising the step of running the network 
vulnerability analysis programs to obtain data results 
pertaining to network system details, network
topologies, node level vulnerabilities and network
level vulnerabilities.

7. A method for assessing the security 
posture of a network comprising the steps of: 

creating a system object model database 
representing a network, wherein the system object model
database supports the information data requirements of
disparate network vulnerability analysis programs; and

exporting only the required data from the
system object model database to respective network
vulnerability analysis programs to produce data results
from each program;

storing the data results from respective
network vulnerability analysis programs and the common
system model database within a data fact base; and

applying goal oriented fuzzy logic decision
rules to the data fact base by the use of a plurality
of fuzzy expert rules to merge results from the network
vulnerability analysis programs so as to determine the
security posture of the network. 



8. A method according to Claim 7, and
further comprising the step of applying the fuzzy logic
decision rules based on evidential reasoning.

9. A method according to Claim 7, and
further comprising the step of exporting only the
required data via filters associated with respective
network vulnerability programs.

10. A method according to Claim 1, and
further comprising the step of exporting the system
object model database to the network vulnerability
analysis programs via an integrated application
programming interface.

11. A method according to Claim 7, and 
further comprising the step of modeling the network as 
a map on a graphical user interface. 

12. A method according to Claim 7, and
further comprising the step of establishing a class
hierarchy to define components of the disparate network
vulnerability analysis programs that share common data
and programming traits.

13. A method according to Claim 7, and 
further comprising the step of running the network 
vulnerability analysis programs to obtain data results 
pertaining to network system details, network
topologies, node level vulnerabilities and network
level vulnerabilities.



14. A computer program that resides on a
medium that can be read by a program, wherein the
computer program comprises instructions to cause a
computer to create a system object model database
representing a network, wherein the system object model
database supports the information data requirements of
disparate network vulnerability analysis programs;

export only the required data from the system
object model database representing the network to each
respective network vulnerability analysis program;

analyze the network with each network
vulnerability analysis program to produce data results
from each program;

store the results from respective network
vulnerability analysis programs and the common system
model database within a data fact base; and

apply goal oriented fuzzy logic decision
rules to the data fact base to determine the security
posture of the network.



15. A computer program according to Claim 
14, and further comprising instructions for applying 
the fuzzy logic decision rules by the use of a 
plurality of fuzzy expert rules to merge results from
the network vulnerability analysis programs.

16. A computer program according to Claim
14, and further comprising instructions for applying 
the fuzzy logic decision rules based on evidential 
reasoning. 

17. A computer program according to Claim 
14, and further comprising instructions for exporting 
only the required data via filters associated with 
respective network vulnerability programs. 

18. A computer program according to Claim 
14, and further comprising instructions for importing 
the system object model database to the network 
vulnerability analysis programs via an integrated
application programming interface.

19. A computer program according to Claim
14, and further comprising instructions for modeling
the network as a map on a graphical user interface.

20. A computer program according to Claim 
14, and further comprising instructions for 
establishing a class hierarchy to define components of 
the network vulnerability analysis programs that share
common data and programming traits.

21. A computer program according to Claim 
14, and further comprising instructions for running the 
network vulnerability analysis programs to obtain data 
results pertaining to network system details, network
topologies, node level vulnerabilities and network
level vulnerabilities.

22. A data processing system for assessing
the security posture of a network comprising:

a plurality of disparate network
vulnerability analysis programs used for analyzing a
network;

a system object model database that
represents the network to be analyzed, wherein the
system object model database supports the information
data requirements of the network vulnerability analysis
programs;

an applications programming interface for
importing the system object model database of the
network to the network vulnerability analysis programs;

a filter associated with the applications
programming interface and each respective network
vulnerability analysis program for filtering data from
the system object model database and importing only the
required data;

a data fact base for storing the results
obtained from respective network vulnerability analysis
programs after analyzing the network and the common
system model database; and

a fuzzy logic processor for applying goal
oriented fuzzy logic decision rules to the fact
database by the use of a plurality of fuzzy expert
rules for merging results from the network
vulnerability analysis programs and determining the
security posture of the network.

23. A data processing system according to
Claim 22, wherein the fuzzy logic decision rules are 
based on evidential reasoning. 

24. A data processing system according to 
Claim 22, wherein the applications programming 
interface for exporting the system object model 
database comprises a graphical user interface. 

25. A data processing system according to 
Claim 22, and further comprising a graphical user 
interface that models the network as a map. 

26. A data processing system according to 
Claim 22, and further comprising a graphical user 
interface for displaying the security posture of the
network.

27. A data processing system according to 
Claim 22, wherein the database further comprises an 
object oriented class hierarchy to define components of 
the network vulnerability analysis programs that share
common data and programming traits.



